ethanmcf Posted April 4, 2010

Hello, I have applied a security policy to the Domain controller, mainly for users to be able to log in to it locally, and to set the Message text and title. Both have been set the same for the Domain Controller Security Policy and the Domain Security Policy; however, the clients are not receiving the update. Any help would be appreciated on how to get them to receive it.

allen2 Posted April 4, 2010

I don't really understand what you're trying to do, but here are generic GPO diagnostic steps:
- Check if the GPO is really applied on the right computer/user.
- Launch gpupdate /force on the target computer, then gpresult should show which GPOs have been applied.

Generic tips:
- Use loopback when more than one GPO is applied on the same target.
- Disable slow link detection.

ethanmcf (Author) Posted April 5, 2010

> I don't really understand what you're trying to do, but here are generic GPO diagnostic steps:
> - Check if the GPO is really applied on the right computer/user.
> - Launch gpupdate /force on the target computer, then gpresult should show which GPOs have been applied.
>
> Generic tips:
> - Use loopback when more than one GPO is applied on the same target.
> - Disable slow link detection.

The Security policy has been applied to the clients with the gpupdate /force command; however, the domain controller is not updating itself. It's not letting users log in interactively/through terminal server, even though the required info has been filled out. gpupdate /force doesn't seem to do anything on the actual domain controller.

cluberti Posted April 5, 2010

Well, run gpresult /z to see what's actually being applied, and perhaps use GPMC to do an RSOP to see what settings are actually being applied (and by which policy), and go from there.

ethanmcf (Author) Posted April 5, 2010

> Well, run gpresult /z to see what's actually being applied, and perhaps use GPMC to do an RSOP to see what settings are actually being applied (and by which policy), and go from there.

It seems to think the security policy is applied to the domain controller, when it isn't. At this point I'm stuck. It's being applied to clients, but not the DC. Don't understand it.

cluberti Posted April 5, 2010

At what level in the AD tree did you apply the policy? If you look at it in GPMC, where is it being applied? You might want to link it directly to the domain controllers OU.

ethanmcf (Author) Posted April 5, 2010

> At what level in the AD tree did you apply the policy? If you look at it in GPMC, where is it being applied? You might want to link it directly to the domain controllers OU.

The DC that's not receiving the update is the only DC in the tree: one DC, one tree, one forest. So the domain controller security policy only needs to be applied to one machine, and that's the DC! Which is where the security policy is being set.

cluberti Posted April 5, 2010

You missed my point - DCs go into a separate OU from the rest of the machines (by default), so making sure it's actually applying to that OU is a good start. This is one of the many reasons to use GPMC exclusively for creation and application of GPOs, rather than using the policies on servers or the DCs directly.

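Added example, not part of any post in this thread: one way to run the checks suggested above (which GPOs actually reach the Domain Controllers OU, and what the DC ends up with) from PowerShell. It assumes an elevated session on the DC with the GroupPolicy and ActiveDirectory modules available (Server 2008 R2 or later); the user-right and registry value names are the standard Windows ones for local logon, Remote Desktop logon and the logon message, and the temp file name is arbitrary.

```powershell
# Added example. Run elevated on the domain controller.
Import-Module GroupPolicy, ActiveDirectory

# 1. GPOs that reach the Domain Controllers OU, in precedence order
#    (Order 1 wins). A policy that is not listed here never applies to the DC.
$dcOu = (Get-ADDomain).DomainControllersContainer
(Get-GPInheritance -Target $dcOu).InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced |
    Format-Table -AutoSize

# 2. Export the security settings held in the DC's local security database.
$inf = Join-Path $env:TEMP 'dc-security-export.inf'   # arbitrary file name
secedit /export /cfg $inf /areas USER_RIGHTS SECURITYPOLICY | Out-Null

# 3. Show who holds the logon rights discussed in the thread.
#    Entries are exported as *SID or as plain account names.
$rightPattern = '^(SeInteractiveLogonRight|SeRemoteInteractiveLogonRight)\s*=\s*(.*)$'
foreach ($hit in Select-String -Path $inf -Pattern $rightPattern) {
    $right   = $hit.Matches[0].Groups[1].Value
    $entries = $hit.Matches[0].Groups[2].Value -split ','
    $accounts = $entries | ForEach-Object {
        $entry = $_.Trim()
        try {
            # Resolve *S-1-5-... to DOMAIN\name; plain names fall through.
            $sid = [System.Security.Principal.SecurityIdentifier]$entry.TrimStart('*')
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $entry
        }
    }
    '{0}: {1}' -f $right, ($accounts -join ', ')
}

# 4. Show the logon message title and text as the DC has them.
Select-String -Path $inf -Pattern 'LegalNoticeCaption|LegalNoticeText' |
    ForEach-Object { $_.Line }

Remove-Item $inf
```

If the accounts or message shown in steps 3 and 4 differ from what was configured, the GPO at Order 1 in step 1 is the place to look for the winning setting.
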
ethanmcf (Author) Posted April 5, 2010

> You missed my point - DCs go into a separate OU from the rest of the machines (by default), so making sure it's actually applying to that OU is a good start. This is one of the many reasons to use GPMC exclusively for creation and application of GPOs, rather than using the policies on servers or the DCs directly.

In the GPMC it says only the Default Domain controller policy is applied. But I don't want to apply a GPO; I need to apply the 'Domain Controller Security Policy' in the Administrative Tools folder. Didn't think I could apply a security policy via a GPO.

ethanmcf (Author) Posted April 5, 2010

> > You missed my point - DCs go into a separate OU from the rest of the machines (by default), so making sure it's actually applying to that OU is a good start. This is one of the many reasons to use GPMC exclusively for creation and application of GPOs, rather than using the policies on servers or the DCs directly.
>
> In the GPMC it says only the Default Domain controller policy is applied. But I don't want to apply a GPO; I need to apply the 'Domain Controller Security Policy' in the Administrative Tools folder. Didn't think I could apply a security policy via a GPO.

I've also tried to enforce the policy, but nothing has changed. Forced update, and still nothing.